Yahoo has recently confirmed that a hack including names, email addresses, telephone numbers and encrypted passwords has compromised at least half a billion users of Yahoo services.
The company released this statement confirming the breach and advising users that affected accounts will receive notifications to change passwords and update alternative verification details.
Yahoo has also posted this F.A.Q. on the breach and explanations of the terms.
Some of the information on the hack.
- It is highly suspected that the hack was a state sponsored activity.
- The hack occurred around 2012.
- Names, email addresses, telephone numbers, dates of birth, hashed (encrypted) passwords, security questions and answers are included in the breach.
- Tumblr accounts do not seem to have been affected.
What can be done to protect yourself?
- Never re-use passwords.
- Where available use 2 factor authentication. Even though SMS verification is no longer recommended it is better than no second level of authentication at all.
- Use a password manager like Lastpass to remember your passwords for you as well as generate secure passwords.
- Consider visiting https://haveibeenpwned.com/ to see if other accounts may have been compromised. Knowing which accounts have been affected should give you motivation to employ good security.
- Never click on links or open attachments that you did not specifically ask for even if you know the sender.
For more information, refer to this article from PCWorld.com.